Receipt validation tests fail with invalid certificate chain #90

Closed
hannesoid opened this issue Feb 10, 2023 · 3 comments · Fixed by #91
Comments

@hannesoid
Contributor

Related: #89

Some of the example receipts used in the tests are signed by now-expired certificates, leading the tests to fail.
Ideally the example receipts should be updated.

@lukaskubanek
Contributor

Oh, that’s unfortunate. Happens in my project as well. Is there a way to re-sign the same receipt files or does one have to collect new ones? Also, have you thought about a way to circumvent the logic of reporting invalid certificates just for tests?

@hannesoid
Contributor Author

Unfortunately I think we have to collect new ones if the goal is to test if AppReceiptValidator does the right thing based on the Apple certificate chain, as we can't sign as Apple.

If you do want to re-sign it, you would probably need a (trusted) valid certificate + private key to start with, re-sign the receipts somehow and put it in the AppReceiptValidator parameters: `parameters.signatureValidation: SignatureValidation = .shouldValidate(rootCertificateOrigin: myRootCertificate)`. But I don't have an example of how this really plays out.

Conceptually though, I think it should be enough to update the tests in the AppReceiptValidator package in this repository, and in your own project's tests, if it is too cumbersome to collect receipts again, you can disable the signature check:

```swift
let result = AppReceiptValidator().validateReceipt(parameters: .init().with {
    // this test uses a receipt of which a certificate has expired, we just want to check the parsing part so we can neglect this here
    $0.signatureValidation = .skip
})
```

@lukaskubanek
Contributor

> if it is too cumbersome to collect receipts again, you can disable the signature check

That’s a great hint, thanks! I’ll probably collect as many new receipts as I can and fall back to skipping signature checks for all the other test cases.
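
A fixture check related to the problem discussed in this thread, as an added example that is not part of the original issue or of the AppReceiptValidator project: it counts the certificates embedded in a receipt's PKCS#7 container that expire within a given horizon, using the `openssl` CLI, so a test suite can flag fixtures before their signature checks start failing. The function names and the self-signed sample signer are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: count certificates in a DER PKCS#7 container (the receipt
# container format) that expire within HORIZON seconds (0 = already expired).

certs_expiring_within() {
  local receipt="$1" horizon="${2:-0}" tmp pem count=0
  tmp=$(mktemp -d) || return 2
  # Extract every embedded certificate as PEM; fail if the file is not PKCS#7.
  if ! openssl pkcs7 -inform DER -in "$receipt" -print_certs \
       -out "$tmp/all.pem" 2>/dev/null; then
    rm -rf "$tmp"; return 2
  fi
  # Split the PEM bundle into one file per certificate.
  awk -v dir="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
       n { print > (dir "/cert" n ".pem") }' "$tmp/all.pem"
  for pem in "$tmp"/cert*.pem; do
    [ -e "$pem" ] || continue
    # -checkend exits non-zero when notAfter falls inside the horizon.
    if ! openssl x509 -in "$pem" -noout -checkend "$horizon" >/dev/null; then
      openssl x509 -in "$pem" -noout -subject -enddate >&2
      count=$((count + 1))
    fi
  done
  rm -rf "$tmp"
  echo "$count"
}

# Constructed sample: a self-signed signer valid for one day, used to sign a
# dummy payload. It stands in for a fixture; it is not an Apple receipt.
make_constructed_receipt() {
  local dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test Signer" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
  printf 'constructed payload' > "$dir/payload" &&
  openssl smime -sign -binary -nodetach -outform DER \
    -in "$dir/payload" -signer "$dir/cert.pem" -inkey "$dir/key.pem" \
    -out "$dir/receipt.der" 2>/dev/null
}
```

Calling `certs_expiring_within receipt.der 2592000` in CI reports fixtures whose certificates expire within 30 days; the subject and `notAfter` of each match go to stderr.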
